[routing-wg] "Mapping the RPKI unreachable IP address space" - RIPE specific results
nusenu
nusenu-lists at riseup.net
Wed Sep 26 12:29:00 CEST 2018
Hi,

I looked into where RPKI unreachable IP address space is located [1] - with the motivation to reduce the size of it - and wanted to share the RIPE related numbers with you.

Globally there are about 8700 /24 blocks that are RPKI unreachable.

RIPE's share of the RPKI unreachable IP space is:
- for IPv4: ~25%
- for IPv6: ~61%

What is "RPKI unreachable IP space"?
IP space that is not reachable in an environment that rejects RPKI INVALID routes (performs ROV). Most such INVALIDs are likely results of ROA misconfigurations - but not all of them are.

The goal is to shrink the size of unreachable IP space to ease the deployment and operations of ROV.

If you are a network operator you can search the list [3] for your ASN to see if your reachability suffers from RPKI misconfigurations (data as of 2018-09-24) or you can use the RPKI validator BGP Preview functionality for up-to-date information:
https://rpki-validator.ripe.net/bgp-preview

Affected networks might soon (by the end of the year) lose the ability to talk to Cloudflare networks since they plan to deploy ROV.

That list [3] might also be useful for operators that deployed ROV in their networks already to get an idea of what networks might cause reachability issues for them.

If you are on the list but the INVALID state is expected (i.e. due to RPKI research blocks) please drop me an email.

It would be nice if RIPE's RPKI world map [2] would include a graph for
- unreachable IPv4 address space (in /24 blocks)
- unreachable IPv6 address space (in /48 blocks)

and maybe even: fraction of unreachable IP space compared to total IP space per country.

kind regards,
nusenu

[1] https://medium.com/@nusenu/where-are-rpki-unreachable-networks-located-65c7a0bae0f8
[2] https://lirportal.ripe.net/certification/content/static/statistics/world-roas.html
[3] https://gist.githubusercontent.com/nusenu/5e63f14815f2e9d19fa31ce2b0b549e7/raw/c29d0db10747a2874121cd73a3ff3ef99ed5f4ba/2018-09-24-ASNs-announcing-RPKI-unreachable-prefixes.txt

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
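
The definition of "RPKI unreachable IP space" in the message above, as an added example that is not part of the original post or of any RIPE tool: RFC 6811 origin validation over constructed ROAs and announcements, followed by a count of the /24 (IPv4) and /48 (IPv6) blocks that have no accepted route left once INVALIDs are rejected. All prefixes, ASNs and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation prefixes and ASNs); not taken from list [3].
ROAS = [  # (prefix, maxLength, authorized origin AS)
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
    ("203.0.113.0/24", 24, 64502),
    ("2001:db8::/32", 32, 64504),
]
ANNOUNCEMENTS = [  # (prefix, origin AS) as seen in BGP
    ("192.0.2.0/24", 64500),      # matches its ROA
    ("198.51.100.0/24", 64511),   # wrong origin, no other covering route
    ("203.0.113.0/24", 64502),    # matches its ROA
    ("203.0.113.128/25", 64502),  # exceeds maxLength, but the /24 above covers it
    ("100.64.0.0/22", 64503),     # no ROA covers it
    ("2001:db8::/47", 64504),     # exceeds maxLength, no other covering route
]

def covers(outer, inner):
    """True if network `inner` lies entirely within network `outer`."""
    return outer.version == inner.version and inner.subnet_of(outer)

def rov_state(prefix, origin, roas):
    """Route origin validation state per RFC 6811."""
    net = ipaddress.ip_network(prefix)
    covering = [r for r in roas if covers(ipaddress.ip_network(r[0]), net)]
    if not covering:
        return "not-found"
    ok = any(net.prefixlen <= max_len and origin == asn for _, max_len, asn in covering)
    return "valid" if ok else "invalid"

def unreachable_blocks(announcements, roas):
    """/24 (IPv4) or /48 (IPv6) blocks left without a route once INVALIDs are rejected."""
    accepted, rejected = [], []
    for prefix, origin in announcements:
        bucket = rejected if rov_state(prefix, origin, roas) == "invalid" else accepted
        bucket.append(ipaddress.ip_network(prefix))
    blocks = set()
    for net in rejected:
        size = 24 if net.version == 4 else 48
        # A route more specific than the block size is checked as-is and
        # attributed to its enclosing block.
        pieces = net.subnets(new_prefix=size) if net.prefixlen < size else [net]
        for piece in pieces:
            if not any(covers(a, piece) for a in accepted):
                blocks.add(str(piece.supernet(new_prefix=min(size, piece.prefixlen))))
    return sorted(blocks)
```

The INVALID /25 does not add to the unreachable count because the valid /24 still carries its traffic, which is why the number of INVALID announcements and the amount of unreachable space differ.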